GitLab Breach: 17,000 Secrets Exposed – Causes and Remedies

Executive Summary

In November 2025, a significant data breach was identified on GitLab Cloud, exposing over 17,000 live secrets including API keys, access tokens, and cloud credentials. This breach was uncovered by security researcher Luke Marshall, who utilized the open-source tool TruffleHog to scan approximately 5.6 million public repositories. The automated scanning process, which took around 24 hours and cost about $770 in cloud compute resources, revealed that secrets were leaked across more than 2,800 domains. The incident highlights the alarming issue of “secrets sprawl,” where hard-coded credentials are inadvertently published in public repositories, jeopardizing users’ security and privacy on a massive scale.

 Read the full breach analysis from NHI Mgmt Group here

Key Details

Breach Timeline

• Late November 2025: Security analysis conducted using TruffleHog.
• Scanning process took approximately 24 hours to complete.
• Automated tools leveraged AWS for efficiency and cost-effectiveness.

Data Compromised

• Over 17,000 live secrets were exposed.
• Compromised data included API keys, access tokens, and cloud credentials.
• Secrets were found across 2,800 different domains, emphasizing the scale of the issue.

Impact Assessment

• The exposure of credentials presents serious cybersecurity risks, including unauthorized access to sensitive resources.
• Organizations using GitLab Cloud may face potential breaches that could lead to data loss or financial repercussions.
• The incident raises concerns about the security of public code repositories and the need for better credential management practices.

Company Response

• GitLab is expected to implement enhanced monitoring and alerting systems to detect future secret leaks.
• Public awareness campaigns on best practices for securing sensitive data in repositories are likely to follow.

Security Implications

• This breach serves as a wake-up call for developers to avoid hard-coding sensitive credentials in public repositories.
• Organizations are encouraged to adopt secret management tools to secure API keys and other sensitive information.
• Continuous education on cybersecurity best practices is vital to mitigate the risks associated with secrets sprawl.

 If you want to learn more about how to secure NHIs including AI Agents, check our NHI Foundational Training Course.